The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

The `SmartVaultV3::canRemoveCollateral` function incorrectly underestimates the max amount of collateral that can be removed

DarkTower

Summary

The SmartVaultV3::canRemoveCollateral function incorrectly underestimates the max amount of collateral that can be removed, which limits the user ability to withdraw or manage his assets.

Vulnerability Details

The issue arises in the calculation within the SmartVaultV3::canRemoveCollateral function. The current implementation does not correctly factor in the collateral rate when determining if collateral can be removed.

function canRemoveCollateral(ITokenManager.Token memory _token, uint256 _amount) private view returns (bool) {
if (minted == 0) return true;
uint256 currentMintable = maxMintable();
uint256 eurValueToRemove = calculator.tokenToEurAvg(_token, _amount);
@> return currentMintable >= eurValueToRemove &&
minted <= currentMintable - eurValueToRemove;
}

Impact

  • The function underestimates the amount of collateral that can be safely removed. Which can restrict users from withdrawing to their actual maximum withdrawable amount.

  • This can greatly limit the users flexibility to manage their funds especially for big collateral depositors.

Tools Used

Manual review

Recommendation

To correct this issue, the calculation within canRemoveCollateral should be modified to minted < currentMintable - eurValueToRemove * * ISmartVaultManagerV3(manager).HUNDRED_PC() / ISmartVaultManagerV3(manager).collateralRate();.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

canRemoveCollateral

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.